Never noticed this before, but while following a discussion on freebsd-net
where a firewall's dynamic rule list was being overwhelmed...
They were discussing creating rules like this:
> ipfw add allow tcp from evil/24 to any port 445 setup limit src-addr 4
> ipfw add allow tcp from evil/24 to any port 139 setup limit src-addr 4
This would allow only 4 connections, for example.
Also, the dynamic rule limit seems to be configurable - just in case this
helps anyone I thought I'd note it here...
The default maximum number of dynamic rules (FBSD 4.9, ipfw 2) seems to be 4096:
net.inet.ip.fw.dyn_max: 4096
hope that is useful to someone.
m/ |
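To make the interplay between `limit src-addr N` and `net.inet.ip.fw.dyn_max` concrete, here is a small model of the dynamic-rule table, added as an illustration and not code from the original post or from FreeBSD. It is a toy model, not the kernel's ip_fw2 code: the source network 192.0.2.0/24 stands in for "evil/24", the flood sizes are constructed, and the accounting of one "parent" entry per limited source address (counted against dyn_max alongside the per-connection entries) is an assumption about how ipfw2 tracks limit rules. It compares a plain keep-state rule against a `limit src-addr 4` rule when every host in the /24 sends 100 SYNs to port 445.

```python
"""Toy model of ipfw's dynamic-rule table: keep-state vs. limit src-addr N.

This is a model for illustration, not the FreeBSD kernel code.
All inputs (source network, flood size) are constructed.
"""
from collections import defaultdict

DYN_MAX = 4096          # net.inet.ip.fw.dyn_max default (FBSD 4.9, ipfw2) from the post
EVIL_NET = "192.0.2"    # stands in for evil/24 (constructed, documentation prefix)


class DynTable:
    """Counts dynamic entries the way ipfw's dyn_count is bounded by dyn_max."""

    def __init__(self, dyn_max=DYN_MAX):
        self.dyn_max = dyn_max
        self.entries = 0                  # total dynamic rules (children + parents)
        self.children = defaultdict(int)  # per-source connection entries
        self.parents = set()              # one parent entry per distinct limited key
        self.dropped_full = 0             # refused because dyn_max was reached
        self.dropped_limit = 0            # refused by the per-source limit

    def _alloc(self):
        """Reserve one dynamic entry, or refuse when the table is full."""
        if self.entries >= self.dyn_max:
            self.dropped_full += 1
            return False
        self.entries += 1
        return True

    def keep_state(self, src):
        """'keep-state': every new flow costs one entry, no per-source cap."""
        return self._alloc()

    def limit_src_addr(self, src, n):
        """'limit src-addr n': a parent entry per source keeps the count and
        at most n child entries per source are allowed.
        Assumption: the parent entry also counts towards dyn_max."""
        if src not in self.parents:
            if not self._alloc():
                return False
            self.parents.add(src)
        if self.children[src] >= n:
            self.dropped_limit += 1
            return False
        if not self._alloc():
            return False
        self.children[src] += 1
        return True


def flood(table, policy, hosts=256, syns_per_host=100):
    """Every host in the /24 sends syns_per_host SYNs (to port 445, say).
    Returns how many were accepted by the given policy."""
    accepted = 0
    for h in range(hosts):
        src = f"{EVIL_NET}.{h}"
        for _ in range(syns_per_host):
            if policy(table, src):
                accepted += 1
    return accepted


def compare(limit_n=4, dyn_max=DYN_MAX):
    """Run the same flood against keep-state and against limit src-addr N."""
    ks = DynTable(dyn_max)
    ks_ok = flood(ks, lambda t, s: t.keep_state(s))
    lim = DynTable(dyn_max)
    lim_ok = flood(lim, lambda t, s: t.limit_src_addr(s, limit_n))
    return {
        "keep_state_accepted": ks_ok,
        "keep_state_entries": ks.entries,
        "keep_state_table_full_drops": ks.dropped_full,
        "limit_accepted": lim_ok,
        "limit_entries": lim.entries,
        "limit_drops": lim.dropped_limit,
        "limit_table_full_drops": lim.dropped_full,
    }


if __name__ == "__main__":
    for key, value in compare().items():
        print(f"{key:28s} {value}")
```

With keep-state the flood fills all 4096 slots and every further flow, legitimate or not, is refused at the table limit; with `limit src-addr 4` the same /24 can never hold more than 256 parents plus 256 x 4 children (1280 entries in this model), so the remaining headroom under dyn_max stays available for other traffic. Raising dyn_max only moves the ceiling; the per-source limit is what bounds the attacker's share of it.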